Date: Wed, 30 Sep 2015 11:07:28 +0200 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: urlfetch range handling flaw in Cyrus IMAP On 09/29/2015 01:01 PM, Martin Prpic wrote: > Hi, was a CVE ID assigned for the following issue? > > "Security fix: handle urlfetch range starting outside message range" > [https://docs.cyrus.foundation/imap/release-notes/2.4/x/2.4.18.html] > > Not many details seem to be available about this issue. Any pointers to > a patch that fixes this would be greatly appreciated. This looks like the relevant fix: https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921 This patch seems to fix an information disclosure (out of bounds heap read). The patch may be incomplete because n could become negative. I'll ask on the cyrus-devel list once my subscription request goes through. This otherwise unrelated commits might be security-relevant as well: https://cyrus.foundation/cyrus-imapd/commit/?id=d81a712401418cc0bd1daa49ded8e5bcc4b69f21 https://cyrus.foundation/cyrus-imapd/commit/?id=ff4e6c71d932b3e6bbfa67d76f095e27ff21bad0 https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b -- Florian Weimer / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ